分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-06-03 00:08:42 | 2019-06-03 00:11:03 | 141 秒 |
魔盾分数
7.85
危险的
文件详细信息
| 文件名 | 战神挑战助手.exe |
|---|---|
| 文件大小 | 1937408 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 03a276036fe4c755392547e24d9981eb |
| SHA1 | f84605a8e4c1d8cbadc496d81fa50ec1a2732a19 |
| SHA256 | 4f9af8541748578e2756096c0e195f406be2bbe9a88332940fe799c51fdeefb2 |
| SHA512 | f7b4f733edf1bf079d58bb4976222cf1612bb59696c0e4442fc42d928ef8f3de90414e0fa1f386002e08ec1882eca99316fe1f93503646a8a3c33de3e4d69aba |
| CRC32 | 6309696B |
| Ssdeep | 24576:+s6k9+fUwUQ9mZ6iz3nPwbdkz9ZyV/5Cnct1/Au5G9P0MxkG7Wj:+sFdwUQ94oC9ZI/B1/xG9PtjWj |
| Yara |
|
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Local\Temp\&\xe5\x8c\xb1w
C:\Users\test\AppData\Local\Temp\__________________.exe
C:\Windows\Fonts\staticcache.dat
C:\Users\test\AppData\Local\Temp\&\xe5\x8c\xb1w
C:\Users\test\AppData\Local\Temp\__________________.exe
C:\Windows\Fonts\staticcache.dat
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Local\Temp\&\xe5\x8c\xb1w
C:\Users\test\AppData\Local\Temp\__________________.exe
C:\Windows\Fonts\staticcache.dat
C:\Users\test\AppData\Local\Temp\&\xe5\x8c\xb1w
C:\Users\test\AppData\Local\Temp\__________________.exe
C:\Windows\Fonts\staticcache.dat
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\__________________.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\ESPI11
HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\__________________.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\ESPI11
HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
kernel32.dll.IsProcessorFeaturePresent
cryptbase.dll.SystemFunction036
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
advapi32.dll.CryptAcquireContextA
cryptsp.dll.CryptAcquireContextA
advapi32.dll.CryptCreateHash
cryptsp.dll.CryptCreateHash
advapi32.dll.CryptHashData
cryptsp.dll.CryptHashData
advapi32.dll.CryptGetHashParam
cryptsp.dll.CryptGetHashParam
advapi32.dll.CryptDestroyHash
cryptsp.dll.CryptDestroyHash
advapi32.dll.CryptReleaseContext
cryptsp.dll.CryptReleaseContext
kernel32.dll.lstrcpyn
kernel32.dll.lstrcpynA
kernel32.dll.RtlMoveMemory
kernel32.dll.VirtualAlloc
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.VirtualProtect
kernel32.dll.VirtualFree
comctl32.dll.ImageList_Draw
gdi32.dll.BitBlt
msimg32.dll.TransparentBlt
msvcrt.dll.free
msvfw32.dll.DrawDibOpen
user32.dll.GetDC
kernel32.dll.MulDiv
kernel32.dll.FlushInstructionCache
kernel32.dll.GetCurrentProcess
kernel32.dll.GetTickCount
kernel32.dll.VirtualQuery
kernel32.dll.SetFilePointer
kernel32.dll.GlobalAlloc
kernel32.dll.GlobalLock
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalReAlloc
kernel32.dll.GlobalFree
kernel32.dll.FindResourceA
kernel32.dll.LoadResource
kernel32.dll.LockResource
kernel32.dll.SizeofResource
kernel32.dll.FreeLibrary
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetModuleHandleA
kernel32.dll.GetVersion
kernel32.dll.GetCurrentThreadId
kernel32.dll.CreateFileA
kernel32.dll.GetFileSize
kernel32.dll.CloseHandle
kernel32.dll.ReadFile
kernel32.dll.SetLastError
comctl32.dll.ImageList_GetIcon
comctl32.dll.ImageList_GetImageInfo
comctl32.dll.ImageList_GetIconSize
gdi32.dll.SetWindowExtEx
gdi32.dll.SetWindowOrgEx
gdi32.dll.SetMapMode
gdi32.dll.SelectClipPath
gdi32.dll.EndPath
gdi32.dll.BeginPath
gdi32.dll.TextOutA
gdi32.dll.GetClipRgn
gdi32.dll.GetPixel
gdi32.dll.CreatePatternBrush
gdi32.dll.CreateFontIndirectA
gdi32.dll.SetViewportOrgEx
gdi32.dll.GetStockObject
gdi32.dll.GetTextExtentPoint32A
gdi32.dll.CreateRoundRectRgn
gdi32.dll.CreateFontA
gdi32.dll.SetViewportExtEx
gdi32.dll.SelectClipRgn
gdi32.dll.SelectObject
gdi32.dll.CreateCompatibleDC
gdi32.dll.DeleteDC
gdi32.dll.OffsetRgn
gdi32.dll.CombineRgn
gdi32.dll.CreateRectRgn
gdi32.dll.CreatePen
gdi32.dll.ExtCreateRegion
gdi32.dll.DeleteObject
gdi32.dll.Rectangle
gdi32.dll.SetPixel
gdi32.dll.PtInRegion
gdi32.dll.SetTextColor
gdi32.dll.SetBkMode
gdi32.dll.PatBlt
gdi32.dll.CreateDIBSection
gdi32.dll.GetObjectA
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.GetTextExtentPointA
gdi32.dll.ExtTextOutA
gdi32.dll.ExtTextOutW
gdi32.dll.SetBkColor
gdi32.dll.GetTextColor
gdi32.dll.CreateSolidBrush
msvcrt.dll.??3@YAXPAX@Z
msvcrt.dll.__CxxFrameHandler
msvcrt.dll.??2@YAPAXI@Z
msvcrt.dll._ftol
msvcrt.dll._mbsstr
msvcrt.dll._mbscmp
msvcrt.dll.__dllonexit
msvcrt.dll.malloc
msvcrt.dll._initterm
msvcrt.dll._adjust_fdiv
msvcrt.dll._onexit
msvcrt.dll.memcpy
msvfw32.dll.DrawDibDraw
msvfw32.dll.DrawDibClose
user32.dll.SetWindowsHookExA
user32.dll.UnhookWindowsHookEx
user32.dll.CallNextHookEx
user32.dll.GetClassNameA
user32.dll.IsWindow
user32.dll.EnumThreadWindows
user32.dll.EnumChildWindows
user32.dll.LockWindowUpdate
user32.dll.DestroyIcon
user32.dll.DrawStateA
user32.dll.ShowWindow
user32.dll.GetMenuItemID
user32.dll.GetWindowRgn
user32.dll.SetMenu
user32.dll.GetMenu
user32.dll.GetSubMenu
user32.dll.TrackPopupMenu
user32.dll.CreateWindowExA
user32.dll.DestroyWindow
user32.dll.GetWindowInfo
user32.dll.SetWindowPos
user32.dll.GetClassLongA
user32.dll.ScreenToClient
user32.dll.SystemParametersInfoA
user32.dll.GetSystemMetrics
user32.dll.MenuItemFromPoint
user32.dll.GetMenuItemRect
user32.dll.GetMenuItemCount
user32.dll.SetMenuItemInfoA
user32.dll.IsMenu
user32.dll.GetUpdateRect
user32.dll.EqualRect
user32.dll.ShowScrollBar
user32.dll.SetWindowRgn
user32.dll.WindowFromDC
user32.dll.MoveWindow
user32.dll.GetSysColor
user32.dll.EnableScrollBar
user32.dll.GetScrollBarInfo
user32.dll.GetCapture
user32.dll.SetScrollPos
user32.dll.SetScrollInfo
user32.dll.GetScrollRange
user32.dll.GetScrollPos
user32.dll.GetScrollInfo
user32.dll.ReleaseDC
user32.dll.GetWindowDC
user32.dll.GetDCEx
user32.dll.EndPaint
user32.dll.BeginPaint
user32.dll.GetWindowLongW
user32.dll.SetWindowLongW
user32.dll.SetWindowLongA
user32.dll.ClientToScreen
user32.dll.FindWindowExA
user32.dll.GetMenuItemInfoA
user32.dll.GetParent
user32.dll.GetComboBoxInfo
user32.dll.TrackMouseEvent
user32.dll.GetIconInfo
user32.dll.GetClientRect
user32.dll.GetFocus
user32.dll.InflateRect
user32.dll.InvalidateRect
user32.dll.SetPropA
user32.dll.RemovePropA
user32.dll.CallWindowProcA
user32.dll.GetPropA
user32.dll.SetTimer
user32.dll.OffsetRect
user32.dll.KillTimer
user32.dll.EnableWindow
user32.dll.GetWindowLongA
user32.dll.SetRectEmpty
user32.dll.DrawIconEx
user32.dll.GetWindowTextA
user32.dll.DrawTextA
user32.dll.IsRectEmpty
user32.dll.IsIconic
user32.dll.IsZoomed
user32.dll.GetSystemMenu
user32.dll.GetMenuState
user32.dll.ReleaseCapture
user32.dll.GetMessageA
user32.dll.SetScrollRange
user32.dll.DispatchMessageA
user32.dll.SetRect
user32.dll.IsWindowVisible
user32.dll.RegisterClassExA
user32.dll.DefWindowProcA
user32.dll.IsWindowEnabled
user32.dll.SendMessageA
user32.dll.GetCursorPos
user32.dll.LoadCursorA
user32.dll.SetCursor
user32.dll.GetWindowRect
user32.dll.PtInRect
user32.dll.SetCapture
user32.dll.UpdateLayeredWindow
user32.dll.SetLayeredWindowAttributes
dciman32.dll.DCIOpenProvider
dciman32.dll.DCICloseProvider
dciman32.dll.DCICreatePrimary
dciman32.dll.DCIEndAccess
dciman32.dll.DCIBeginAccess
dciman32.dll.DCIDestroy
comctl32.dll.RegisterClassNameW
uxtheme.dll.EnableThemeDialogTexture
uxtheme.dll.OpenThemeData
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
gdi32.dll.GetTextExtentExPointWPri
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
user32.dll.GetAsyncKeyState
oleaut32.dll.SysAllocString
oleaut32.dll.SysStringLen
oleaut32.dll.SysFreeString
cryptbase.dll.SystemFunction036
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
advapi32.dll.CryptAcquireContextA
cryptsp.dll.CryptAcquireContextA
advapi32.dll.CryptCreateHash
cryptsp.dll.CryptCreateHash
advapi32.dll.CryptHashData
cryptsp.dll.CryptHashData
advapi32.dll.CryptGetHashParam
cryptsp.dll.CryptGetHashParam
advapi32.dll.CryptDestroyHash
cryptsp.dll.CryptDestroyHash
advapi32.dll.CryptReleaseContext
cryptsp.dll.CryptReleaseContext
kernel32.dll.lstrcpyn
kernel32.dll.lstrcpynA
kernel32.dll.RtlMoveMemory
kernel32.dll.VirtualAlloc
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.VirtualProtect
kernel32.dll.VirtualFree
comctl32.dll.ImageList_Draw
gdi32.dll.BitBlt
msimg32.dll.TransparentBlt
msvcrt.dll.free
msvfw32.dll.DrawDibOpen
user32.dll.GetDC
kernel32.dll.MulDiv
kernel32.dll.FlushInstructionCache
kernel32.dll.GetCurrentProcess
kernel32.dll.GetTickCount
kernel32.dll.VirtualQuery
kernel32.dll.SetFilePointer
kernel32.dll.GlobalAlloc
kernel32.dll.GlobalLock
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalReAlloc
kernel32.dll.GlobalFree
kernel32.dll.FindResourceA
kernel32.dll.LoadResource
kernel32.dll.LockResource
kernel32.dll.SizeofResource
kernel32.dll.FreeLibrary
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetModuleHandleA
kernel32.dll.GetVersion
kernel32.dll.GetCurrentThreadId
kernel32.dll.CreateFileA
kernel32.dll.GetFileSize
kernel32.dll.CloseHandle
kernel32.dll.ReadFile
kernel32.dll.SetLastError
comctl32.dll.ImageList_GetIcon
comctl32.dll.ImageList_GetImageInfo
comctl32.dll.ImageList_GetIconSize
gdi32.dll.SetWindowExtEx
gdi32.dll.SetWindowOrgEx
gdi32.dll.SetMapMode
gdi32.dll.SelectClipPath
gdi32.dll.EndPath
gdi32.dll.BeginPath
gdi32.dll.TextOutA
gdi32.dll.GetClipRgn
gdi32.dll.GetPixel
gdi32.dll.CreatePatternBrush
gdi32.dll.CreateFontIndirectA
gdi32.dll.SetViewportOrgEx
gdi32.dll.GetStockObject
gdi32.dll.GetTextExtentPoint32A
gdi32.dll.CreateRoundRectRgn
gdi32.dll.CreateFontA
gdi32.dll.SetViewportExtEx
gdi32.dll.SelectClipRgn
gdi32.dll.SelectObject
gdi32.dll.CreateCompatibleDC
gdi32.dll.DeleteDC
gdi32.dll.OffsetRgn
gdi32.dll.CombineRgn
gdi32.dll.CreateRectRgn
gdi32.dll.CreatePen
gdi32.dll.ExtCreateRegion
gdi32.dll.DeleteObject
gdi32.dll.Rectangle
gdi32.dll.SetPixel
gdi32.dll.PtInRegion
gdi32.dll.SetTextColor
gdi32.dll.SetBkMode
gdi32.dll.PatBlt
gdi32.dll.CreateDIBSection
gdi32.dll.GetObjectA
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.GetTextExtentPointA
gdi32.dll.ExtTextOutA
gdi32.dll.ExtTextOutW
gdi32.dll.SetBkColor
gdi32.dll.GetTextColor
gdi32.dll.CreateSolidBrush
msvcrt.dll.??3@YAXPAX@Z
msvcrt.dll.__CxxFrameHandler
msvcrt.dll.??2@YAPAXI@Z
msvcrt.dll._ftol
msvcrt.dll._mbsstr
msvcrt.dll._mbscmp
msvcrt.dll.__dllonexit
msvcrt.dll.malloc
msvcrt.dll._initterm
msvcrt.dll._adjust_fdiv
msvcrt.dll._onexit
msvcrt.dll.memcpy
msvfw32.dll.DrawDibDraw
msvfw32.dll.DrawDibClose
user32.dll.SetWindowsHookExA
user32.dll.UnhookWindowsHookEx
user32.dll.CallNextHookEx
user32.dll.GetClassNameA
user32.dll.IsWindow
user32.dll.EnumThreadWindows
user32.dll.EnumChildWindows
user32.dll.LockWindowUpdate
user32.dll.DestroyIcon
user32.dll.DrawStateA
user32.dll.ShowWindow
user32.dll.GetMenuItemID
user32.dll.GetWindowRgn
user32.dll.SetMenu
user32.dll.GetMenu
user32.dll.GetSubMenu
user32.dll.TrackPopupMenu
user32.dll.CreateWindowExA
user32.dll.DestroyWindow
user32.dll.GetWindowInfo
user32.dll.SetWindowPos
user32.dll.GetClassLongA
user32.dll.ScreenToClient
user32.dll.SystemParametersInfoA
user32.dll.GetSystemMetrics
user32.dll.MenuItemFromPoint
user32.dll.GetMenuItemRect
user32.dll.GetMenuItemCount
user32.dll.SetMenuItemInfoA
user32.dll.IsMenu
user32.dll.GetUpdateRect
user32.dll.EqualRect
user32.dll.ShowScrollBar
user32.dll.SetWindowRgn
user32.dll.WindowFromDC
user32.dll.MoveWindow
user32.dll.GetSysColor
user32.dll.EnableScrollBar
user32.dll.GetScrollBarInfo
user32.dll.GetCapture
user32.dll.SetScrollPos
user32.dll.SetScrollInfo
user32.dll.GetScrollRange
user32.dll.GetScrollPos
user32.dll.GetScrollInfo
user32.dll.ReleaseDC
user32.dll.GetWindowDC
user32.dll.GetDCEx
user32.dll.EndPaint
user32.dll.BeginPaint
user32.dll.GetWindowLongW
user32.dll.SetWindowLongW
user32.dll.SetWindowLongA
user32.dll.ClientToScreen
user32.dll.FindWindowExA
user32.dll.GetMenuItemInfoA
user32.dll.GetParent
user32.dll.GetComboBoxInfo
user32.dll.TrackMouseEvent
user32.dll.GetIconInfo
user32.dll.GetClientRect
user32.dll.GetFocus
user32.dll.InflateRect
user32.dll.InvalidateRect
user32.dll.SetPropA
user32.dll.RemovePropA
user32.dll.CallWindowProcA
user32.dll.GetPropA
user32.dll.SetTimer
user32.dll.OffsetRect
user32.dll.KillTimer
user32.dll.EnableWindow
user32.dll.GetWindowLongA
user32.dll.SetRectEmpty
user32.dll.DrawIconEx
user32.dll.GetWindowTextA
user32.dll.DrawTextA
user32.dll.IsRectEmpty
user32.dll.IsIconic
user32.dll.IsZoomed
user32.dll.GetSystemMenu
user32.dll.GetMenuState
user32.dll.ReleaseCapture
user32.dll.GetMessageA
user32.dll.SetScrollRange
user32.dll.DispatchMessageA
user32.dll.SetRect
user32.dll.IsWindowVisible
user32.dll.RegisterClassExA
user32.dll.DefWindowProcA
user32.dll.IsWindowEnabled
user32.dll.SendMessageA
user32.dll.GetCursorPos
user32.dll.LoadCursorA
user32.dll.SetCursor
user32.dll.GetWindowRect
user32.dll.PtInRect
user32.dll.SetCapture
user32.dll.UpdateLayeredWindow
user32.dll.SetLayeredWindowAttributes
dciman32.dll.DCIOpenProvider
dciman32.dll.DCICloseProvider
dciman32.dll.DCICreatePrimary
dciman32.dll.DCIEndAccess
dciman32.dll.DCIBeginAccess
dciman32.dll.DCIDestroy
comctl32.dll.RegisterClassNameW
uxtheme.dll.EnableThemeDialogTexture
uxtheme.dll.OpenThemeData
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
gdi32.dll.GetTextExtentExPointWPri
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
user32.dll.GetAsyncKeyState
oleaut32.dll.SysAllocString
oleaut32.dll.SysStringLen
oleaut32.dll.SysFreeString
Local\MSCTF.Asm.MutexDefault1
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004730c7 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x001d917a |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2019-06-02 21:27:31 |
| 载入哈希 | da235dfbbb688ad53f3387fe9d31f249 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00091e06 | 0x00092000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.56 |
| .rdata | 0x00093000 | 0x001282b0 | 0x00129000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.24 |
| .data | 0x001bc000 | 0x00044028 | 0x00016000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.49 |
| .rsrc | 0x00201000 | 0x000060d4 | 0x00007000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.51 |
导入
库: KERNEL32.dll:
• 0x49318c SetEndOfFile
• 0x493190 UnlockFile
• 0x493194 LockFile
• 0x493198 FlushFileBuffers
• 0x49319c SetFilePointer
• 0x4931a0 DuplicateHandle
• 0x4931a4 lstrcpynA
• 0x4931a8 SetLastError
• 0x4931ac FileTimeToLocalFileTime
• 0x4931b0 FileTimeToSystemTime
• 0x4931b4 LocalFree
• 0x4931b8 InterlockedDecrement
• 0x4931bc CreateFileMappingA
• 0x4931c0 MapViewOfFile
• 0x4931c4 UnmapViewOfFile
• 0x4931c8 OpenFileMappingA
• 0x4931cc ReleaseMutex
• 0x4931d0 WideCharToMultiByte
• 0x4931d4 MultiByteToWideChar
• 0x4931d8 GetCurrentProcess
• 0x4931dc SetStdHandle
• 0x4931e0 IsBadCodePtr
• 0x4931e4 IsBadReadPtr
• 0x4931e8 CompareStringW
• 0x4931ec CompareStringA
• 0x4931f0 SetUnhandledExceptionFilter
• 0x4931f4 GetStringTypeW
• 0x4931f8 GetStringTypeA
• 0x4931fc IsBadWritePtr
• 0x493200 VirtualAlloc
• 0x493204 LCMapStringW
• 0x493208 LCMapStringA
• 0x49320c SetEnvironmentVariableA
• 0x493210 VirtualFree
• 0x493214 HeapCreate
• 0x493218 HeapDestroy
• 0x49321c GetEnvironmentVariableA
• 0x493220 GetFileType
• 0x493224 GetStdHandle
• 0x493228 SetHandleCount
• 0x49322c GetEnvironmentStringsW
• 0x493230 GetEnvironmentStrings
• 0x493234 FreeEnvironmentStringsW
• 0x493238 FreeEnvironmentStringsA
• 0x49323c UnhandledExceptionFilter
• 0x493240 GetACP
• 0x493244 HeapSize
• 0x493248 TerminateProcess
• 0x49324c GetLocalTime
• 0x493250 GetWindowsDirectoryA
• 0x493254 GetSystemDirectoryA
• 0x493258 CreateSemaphoreA
• 0x49325c ResumeThread
• 0x493260 ReleaseSemaphore
• 0x493264 EnterCriticalSection
• 0x493268 LeaveCriticalSection
• 0x49326c GetProfileStringA
• 0x493270 WriteFile
• 0x493274 WaitForMultipleObjects
• 0x493278 CreateFileA
• 0x49327c SetEvent
• 0x493280 FindResourceA
• 0x493284 LoadResource
• 0x493288 LockResource
• 0x49328c ReadFile
• 0x493290 GetModuleFileNameA
• 0x493294 GetCurrentThreadId
• 0x493298 ExitProcess
• 0x49329c GlobalSize
• 0x4932a0 GlobalFree
• 0x4932a4 DeleteCriticalSection
• 0x4932a8 InitializeCriticalSection
• 0x4932ac lstrcatA
• 0x4932b0 lstrlenA
• 0x4932b4 WinExec
• 0x4932b8 lstrcpyA
• 0x4932bc FindNextFileA
• 0x4932c0 GlobalReAlloc
• 0x4932c4 HeapFree
• 0x4932c8 HeapReAlloc
• 0x4932cc GetProcessHeap
• 0x4932d0 HeapAlloc
• 0x4932d4 GetFullPathNameA
• 0x4932d8 FreeLibrary
• 0x4932dc LoadLibraryA
• 0x4932e0 GetLastError
• 0x4932e4 GetVersionExA
• 0x4932e8 WritePrivateProfileStringA
• 0x4932ec CreateThread
• 0x4932f0 CreateEventA
• 0x4932f4 Sleep
• 0x4932f8 ExpandEnvironmentStringsA
• 0x4932fc GetSystemTime
• 0x493300 GetTimeZoneInformation
• 0x493304 RaiseException
• 0x493308 RtlUnwind
• 0x49330c GetStartupInfoA
• 0x493310 GetOEMCP
• 0x493314 GetCPInfo
• 0x493318 GetProcessVersion
• 0x49331c SetErrorMode
• 0x493320 GlobalFlags
• 0x493324 GetCurrentThread
• 0x493328 GetFileTime
• 0x49332c GetFileSize
• 0x493330 TlsGetValue
• 0x493334 LocalReAlloc
• 0x493338 TlsSetValue
• 0x49333c TlsFree
• 0x493340 GlobalHandle
• 0x493344 TlsAlloc
• 0x493348 LocalAlloc
• 0x49334c lstrcmpA
• 0x493350 GetVersion
• 0x493354 GlobalGetAtomNameA
• 0x493358 GlobalAlloc
• 0x49335c GlobalLock
• 0x493360 GlobalUnlock
• 0x493364 GetTempPathA
• 0x493368 FindFirstFileA
• 0x49336c FindClose
• 0x493370 GetFileAttributesA
• 0x493374 DeleteFileA
• 0x493378 CopyFileA
• 0x49337c SetCurrentDirectoryA
• 0x493380 GetVolumeInformationA
• 0x493384 GetModuleHandleA
• 0x493388 GetProcAddress
• 0x49338c MulDiv
• 0x493390 GetCommandLineA
• 0x493394 GetTickCount
• 0x493398 CreateProcessA
• 0x49339c WaitForSingleObject
• 0x4933a0 CloseHandle
• 0x4933a4 GlobalAddAtomA
• 0x4933a8 GlobalFindAtomA
• 0x4933ac GlobalDeleteAtom
• 0x4933b0 lstrcmpiA
• 0x4933b4 InterlockedIncrement
库: USER32.dll:
• 0x4933dc WaitForInputIdle
• 0x4933e0 wsprintfA
• 0x4933e4 CloseClipboard
• 0x4933e8 GetClipboardData
• 0x4933ec OpenClipboard
• 0x4933f0 SetClipboardData
• 0x4933f4 EmptyClipboard
• 0x4933f8 GetSystemMetrics
• 0x4933fc GetCursorPos
• 0x493400 MessageBoxA
• 0x493404 SetWindowPos
• 0x493408 SendMessageA
• 0x49340c DestroyCursor
• 0x493410 SetParent
• 0x493414 IsWindow
• 0x493418 PostMessageA
• 0x49341c GetTopWindow
• 0x493420 GetParent
• 0x493424 GetFocus
• 0x493428 GetClientRect
• 0x49342c InvalidateRect
• 0x493430 ValidateRect
• 0x493434 UpdateWindow
• 0x493438 EqualRect
• 0x49343c GetWindowRect
• 0x493440 SetForegroundWindow
• 0x493444 DestroyMenu
• 0x493448 IsChild
• 0x49344c ReleaseDC
• 0x493450 IsRectEmpty
• 0x493454 FillRect
• 0x493458 GetDC
• 0x49345c SetCursor
• 0x493460 LoadCursorA
• 0x493464 SetCursorPos
• 0x493468 SetActiveWindow
• 0x49346c GetSysColor
• 0x493470 SetWindowLongA
• 0x493474 GetWindowLongA
• 0x493478 RedrawWindow
• 0x49347c EnableWindow
• 0x493480 IsWindowVisible
• 0x493484 OffsetRect
• 0x493488 PtInRect
• 0x49348c DestroyIcon
• 0x493490 IntersectRect
• 0x493494 InflateRect
• 0x493498 SetRect
• 0x49349c SetScrollPos
• 0x4934a0 SetScrollRange
• 0x4934a4 GetScrollRange
• 0x4934a8 SetCapture
• 0x4934ac GetCapture
• 0x4934b0 ReleaseCapture
• 0x4934b4 SetTimer
• 0x4934b8 GetForegroundWindow
• 0x4934bc LoadIconA
• 0x4934c0 TranslateMessage
• 0x4934c4 DrawFrameControl
• 0x4934c8 DrawEdge
• 0x4934cc DrawFocusRect
• 0x4934d0 WindowFromPoint
• 0x4934d4 GetMessageA
• 0x4934d8 DispatchMessageA
• 0x4934dc SetRectEmpty
• 0x4934e0 RegisterClipboardFormatA
• 0x4934e4 CreateIconFromResourceEx
• 0x4934e8 CreateIconFromResource
• 0x4934ec DrawIconEx
• 0x4934f0 CreatePopupMenu
• 0x4934f4 AppendMenuA
• 0x4934f8 ModifyMenuA
• 0x4934fc CreateMenu
• 0x493500 CreateAcceleratorTableA
• 0x493504 GetDlgCtrlID
• 0x493508 GetSubMenu
• 0x49350c EnableMenuItem
• 0x493510 ClientToScreen
• 0x493514 EnumDisplaySettingsA
• 0x493518 LoadImageA
• 0x49351c SystemParametersInfoA
• 0x493520 ShowWindow
• 0x493524 IsWindowEnabled
• 0x493528 TranslateAcceleratorA
• 0x49352c GetKeyState
• 0x493530 CopyAcceleratorTableA
• 0x493534 PostQuitMessage
• 0x493538 IsZoomed
• 0x49353c GetClassInfoA
• 0x493540 DefWindowProcA
• 0x493544 GetWindowTextA
• 0x493548 GetWindowTextLengthA
• 0x49354c CharUpperA
• 0x493550 GetWindowDC
• 0x493554 BeginPaint
• 0x493558 EndPaint
• 0x49355c TabbedTextOutA
• 0x493560 DrawTextA
• 0x493564 GrayStringA
• 0x493568 GetDlgItem
• 0x49356c DestroyWindow
• 0x493570 CreateDialogIndirectParamA
• 0x493574 EndDialog
• 0x493578 GetNextDlgTabItem
• 0x49357c GetWindowPlacement
• 0x493580 RegisterWindowMessageA
• 0x493584 GetLastActivePopup
• 0x493588 GetMessageTime
• 0x49358c RemovePropA
• 0x493590 CallWindowProcA
• 0x493594 GetPropA
• 0x493598 UnhookWindowsHookEx
• 0x49359c SetPropA
• 0x4935a0 GetClassLongA
• 0x4935a4 CallNextHookEx
• 0x4935a8 SetWindowsHookExA
• 0x4935ac CreateWindowExA
• 0x4935b0 GetMenuItemID
• 0x4935b4 GetMenuItemCount
• 0x4935b8 RegisterClassA
• 0x4935bc GetScrollPos
• 0x4935c0 UnregisterClassA
• 0x4935c4 AdjustWindowRectEx
• 0x4935c8 MapWindowPoints
• 0x4935cc SendDlgItemMessageA
• 0x4935d0 ScrollWindowEx
• 0x4935d4 IsDialogMessageA
• 0x4935d8 SetWindowTextA
• 0x4935dc MoveWindow
• 0x4935e0 CheckMenuItem
• 0x4935e4 SetMenuItemBitmaps
• 0x4935e8 GetMenuState
• 0x4935ec GetMenuCheckMarkDimensions
• 0x4935f0 GetClassNameA
• 0x4935f4 GetDesktopWindow
• 0x4935f8 LoadStringA
• 0x4935fc GetSysColorBrush
• 0x493600 GetSystemMenu
• 0x493604 DeleteMenu
• 0x493608 GetMenu
• 0x49360c SetMenu
• 0x493610 PeekMessageA
• 0x493614 IsIconic
• 0x493618 SetFocus
• 0x49361c GetActiveWindow
• 0x493620 GetWindow
• 0x493624 DestroyAcceleratorTable
• 0x493628 SetWindowRgn
• 0x49362c GetMessagePos
• 0x493630 ScreenToClient
• 0x493634 ChildWindowFromPointEx
• 0x493638 CopyRect
• 0x49363c LoadBitmapA
• 0x493640 WinHelpA
• 0x493644 KillTimer
库: GDI32.dll:
• 0x493040 SelectClipRgn
• 0x493044 DeleteObject
• 0x493048 CreateDIBitmap
• 0x49304c GetSystemPaletteEntries
• 0x493050 CreatePalette
• 0x493054 StretchBlt
• 0x493058 SelectPalette
• 0x49305c RealizePalette
• 0x493060 GetDIBits
• 0x493064 GetWindowExtEx
• 0x493068 GetViewportOrgEx
• 0x49306c GetWindowOrgEx
• 0x493070 BeginPath
• 0x493074 EndPath
• 0x493078 PathToRegion
• 0x49307c CreateEllipticRgn
• 0x493080 CreateRoundRectRgn
• 0x493084 GetTextColor
• 0x493088 GetBkMode
• 0x49308c GetBkColor
• 0x493090 GetROP2
• 0x493094 GetStretchBltMode
• 0x493098 GetPolyFillMode
• 0x49309c CreateCompatibleBitmap
• 0x4930a0 CreateDCA
• 0x4930a4 CreateBitmap
• 0x4930a8 SelectObject
• 0x4930ac GetObjectA
• 0x4930b0 CreatePen
• 0x4930b4 CreatePolygonRgn
• 0x4930b8 CombineRgn
• 0x4930bc CreateRectRgn
• 0x4930c0 FillRgn
• 0x4930c4 CreateSolidBrush
• 0x4930c8 GetStockObject
• 0x4930cc CreateFontIndirectA
• 0x4930d0 EndPage
• 0x4930d4 EndDoc
• 0x4930d8 DeleteDC
• 0x4930dc StartDocA
• 0x4930e0 StartPage
• 0x4930e4 BitBlt
• 0x4930e8 CreateCompatibleDC
• 0x4930ec Ellipse
• 0x4930f0 Rectangle
• 0x4930f4 LPtoDP
• 0x4930f8 DPtoLP
• 0x4930fc GetCurrentObject
• 0x493100 RoundRect
• 0x493104 GetTextExtentPoint32A
• 0x493108 GetDeviceCaps
• 0x49310c SaveDC
• 0x493110 RestoreDC
• 0x493114 SetBkMode
• 0x493118 SetPolyFillMode
• 0x49311c SetROP2
• 0x493120 SetTextColor
• 0x493124 SetMapMode
• 0x493128 SetViewportOrgEx
• 0x49312c OffsetViewportOrgEx
• 0x493130 SetViewportExtEx
• 0x493134 ScaleViewportExtEx
• 0x493138 SetWindowOrgEx
• 0x49313c SetWindowExtEx
• 0x493140 ScaleWindowExtEx
• 0x493144 GetClipBox
• 0x493148 ExcludeClipRect
• 0x49314c MoveToEx
• 0x493150 LineTo
• 0x493154 GetClipRgn
• 0x493158 SetStretchBltMode
• 0x49315c CreateRectRgnIndirect
• 0x493160 SetBkColor
• 0x493164 PatBlt
• 0x493168 GetTextMetricsA
• 0x49316c Escape
• 0x493170 ExtTextOutA
• 0x493174 TextOutA
• 0x493178 RectVisible
• 0x49317c PtVisible
• 0x493180 GetViewportExtEx
• 0x493184 ExtSelectClipRgn
库: WINMM.dll:
• 0x49364c midiStreamRestart
• 0x493650 midiStreamClose
• 0x493654 midiOutReset
• 0x493658 midiStreamStop
• 0x49365c midiStreamOut
• 0x493660 midiOutPrepareHeader
• 0x493664 midiStreamProperty
• 0x493668 midiStreamOpen
• 0x49366c midiOutUnprepareHeader
• 0x493670 waveOutOpen
• 0x493674 waveOutGetNumDevs
• 0x493678 waveOutClose
• 0x49367c waveOutReset
• 0x493680 waveOutPause
• 0x493684 waveOutWrite
• 0x493688 waveOutPrepareHeader
• 0x49368c waveOutUnprepareHeader
库: ADVAPI32.dll:
• 0x493000 RegQueryValueExA
• 0x493004 RegOpenKeyExA
• 0x493008 RegSetValueExA
• 0x49300c RegDeleteValueA
• 0x493010 RegDeleteKeyA
• 0x493014 RegQueryValueA
• 0x493018 InitializeSecurityDescriptor
• 0x49301c SetSecurityDescriptorDacl
• 0x493020 RegOpenKeyA
• 0x493024 RegEnumKeyA
• 0x493028 RegCreateKeyExA
• 0x49302c RegCloseKey
库: SHELL32.dll:
• 0x4933cc ShellExecuteA
• 0x4933d0 Shell_NotifyIconA
• 0x4933d4 SHGetSpecialFolderPathA
库: WS2_32.dll:
• 0x4936a4 recvfrom
• 0x4936a8 ioctlsocket
• 0x4936ac recv
• 0x4936b0 getpeername
• 0x4936b4 accept
• 0x4936b8 ntohs
• 0x4936bc htons
• 0x4936c0 WSAAsyncSelect
• 0x4936c4 closesocket
• 0x4936c8 WSACleanup
• 0x4936cc inet_ntoa
库: comdlg32.dll:
• 0x4936d4 GetFileTitleA
• 0x4936d8 GetSaveFileNameA
• 0x4936dc GetOpenFileNameA
• 0x4936e0 ChooseColorA
.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect begin
VMProtect end
VMProtect end
Ph(}Z
Ph@}Z
Ph@}Z
Ph@}Z
Ph@}Z
8`}<j
T$th
|$tVj
D$@Sj
L$8h
D$8Rj
l$<VWj
T$ Rj
L$4S+L$0Qj
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 29.677 seconds )
- 15.54 Suricata
- 7.253 Static
- 4.165 TargetInfo
- 1.438 VirusTotal
- 0.465 peid
- 0.35 NetworkAnalysis
- 0.315 BehaviorAnalysis
- 0.127 AnalysisInfo
- 0.015 Strings
- 0.006 config_decoder
- 0.003 Memory
Signatures ( 0.229 seconds )
- 0.028 antiav_detectreg
- 0.016 api_spamming
- 0.016 md_domain_bl
- 0.014 md_url_bl
- 0.012 stealth_timeout
- 0.012 infostealer_ftp
- 0.011 stealth_decoy_document
- 0.008 anomaly_persistence_autorun
- 0.007 antiav_detectfile
- 0.007 infostealer_im
- 0.006 antianalysis_detectreg
- 0.006 ransomware_files
- 0.005 infostealer_bitcoin
- 0.005 ransomware_extensions
- 0.004 antiemu_wine_func
- 0.004 kovter_behavior
- 0.004 infostealer_mail
- 0.003 tinba_behavior
- 0.003 antivm_vbox_libs
- 0.003 rat_nanocore
- 0.003 infostealer_browser_password
- 0.003 antidbg_windows
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.003 disables_browser_warn
- 0.002 antivm_generic_services
- 0.002 betabot_behavior
- 0.002 antivm_generic_scsi
- 0.002 exec_crash
- 0.002 cerber_behavior
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.001 network_tor
- 0.001 antiav_avast_libs
- 0.001 antivm_vmware_libs
- 0.001 ursnif_behavior
- 0.001 antisandbox_sunbelt_libs
- 0.001 dyre_behavior
- 0.001 kibex_behavior
- 0.001 shifu_behavior
- 0.001 anormaly_invoke_kills
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 darkcomet_regkeys
- 0.001 recon_fingerprint
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.294 seconds )
- 0.934 ReportHTMLSummary
- 0.36 Malheur
| Task ID | 300217 |
|---|---|
| Mongo ID | 5cf3f53b2f8f2e1a35d46e74 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号